In what could be considered an embarrassment for the Andhra Pradesh government, an independent researcher has highlighted two cases in two days of Aadhaar details of citizens being leaked online.
A day after it came to light that the state government potentially made public the Aadhaar data of at least 1.34 lakh citizens of the state, another instance has surfaced.
Taking to Twitter, Aadhaar whistleblower Srinivas Kodali put out screenshots that suggested that the Unique Identity Number (UID) numbers of 89,38,138 MNREGA (Mahatma Gandhi National Rural Employment Guarantee Act) beneficiaries had been compromised on the website of the Andhra Pradesh Benefit Disbursement Portal.
"Website maintained by $100 billion company TCS along with another government department. Reported to security agencies. Question: where is the UIDAI bug reporting mechanism?" Srinivas tweeted.
The portal was being managed by APOnline, which is a joint venture between the state government and Tata Consultancy Services (TCS). It is not like they didn’t have the capacity, as they hired engineers from a private company.Srinivas Kodali, Aadhaar whistleblower, to The News Minute
Srinivas also lamented that there are no proper mechanisms to report bugs.
"When a bug is reported, there is no proper mechanism in place to acknowledge the mistake. What are they doing about it? Until they change this, these leaks will continue to happen," he added.
After Srinivas reported the bug, the portal began masking the Aadhaar numbers.
This came just a day after the Aadhaar data of at least 1.34 lakh citizens in the state was compromised, along with other details like their religion, caste and bank details.
The names were part of a list titled ‘Beneficiary Details belonging to Entry Report for Scheme Hudhud’ and were available on the website of the Andhra Pradesh State Housing Corporation.
The page clearly showed the name of the person’s father, address, panchayat, mobile number, ration card number, occupation, religion, caste, Aadhaar number, along with other details including bank details like bank branch, IFSC code, and account number.
This was in conflict with the Unique Identification Authority of India's (UIDAI) stand, where it said that it does not link any of these details with the Aadhaar number.
(The story was originally published on The News Minute and has been republished with permission.)
(The Quint is now on WhatsApp. To receive handpicked stories on topics you care about, subscribe to our WhatsApp services. Just go to TheQuint.com/WhatsApp and hit send.)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)